Wireless sensor networks are a relatively new technology for information gathering and processing. A sensor network usually consists of many resource-constrained sensor nodes. These nodes perform measurements of some physical phenomena, process data, generate reports, and send these reports via multihop communication to a central information processing unit called the sink. Depending on the scenario, information gathering and processing is performed collaboratively by multiple sensor nodes, e.g., to determine the average temperature in a certain area. Sensor networks can be used in a plethora of application scenarios. Having emerged from military research, e.g., sensor networks for target tracking on a battlefield, sensor networks are nowadays used more and more in civil applications such as critical infrastructure monitoring. To ensure the functionality of a sensor network, especially in malicious environments, security mechanisms are essential for all sensor networks. However, sensor networks differ from classical (wireless) networks, and this makes them harder to secure. The reasons are the resource constraints of the sensor nodes, the wireless multihop communication, and the possibility of node compromise. Since sensor nodes are often deployed in unattended or even hostile environments and are usually not equipped with tamper-resistant hardware, it is relatively easy to compromise a sensor node. By compromising a sensor node, an adversary gets access to all data stored on the node, such as cryptographic keys. Thus, deployed security mechanisms such as node-based authentication become ineffective, and an adversary is able to perform attacks as a "legitimate" member of the network. Such attacks are denoted as insider attacks and pose a serious threat to wireless sensor networks. In this thesis, we develop concepts and mechanisms to cope with insider attacks in wireless sensor networks. The contribution of this thesis is twofold.
First, we propose a new general classification of the different approaches to protect against insider attacks. Second, we propose several security protocols to protect against insider attacks. In our classification, approaches to protect against insider attacks are first distinguished by the implemented security strategy. The respective strategies are further subclassified by the applied mechanisms. Related work is integrated into the classification to systematically identify open problems and specific properties in the respective areas. The results may be a basis for future protocol design. The protocols proposed in the second part of this thesis cover different areas. First, we propose a protocol to protect against a serious Denial-of-Service attack in which an adversary injects or replays a large number of false messages to overload many message-forwarding nodes and to (totally) waste their scarce energy resources. Approaches proposed so far usually apply threshold-based mechanisms to filter such messages out. The drawback of this approach is that messages are not filtered out immediately, and if the threshold of compromised nodes is reached, the attack becomes possible again. Our protocol is able to filter such messages immediately while tolerating an arbitrary number of compromised sensor nodes. Further mechanisms are required to additionally protect against an insider attack in which an adversary injects false reports to deceive the sink. Usually a redundancy-based approach is used, in which a report is only valid if it has been collaboratively generated by multiple sensor nodes. However, previously proposed protocols are susceptible to an insider attack in which an adversary that has compromised only a single node might be able to impede successful report generation. So far, only one protocol has been proposed to cope with this issue. However, it is a specific enhancement for a particular protocol, and the attacking nodes cannot be identified and excluded.
In this thesis, we propose two protocols which protect against the injection of false reports and also enable the detection and exclusion of nodes trying to disrupt the collaborative report generation. In addition, our protocols can be used in combination with or as an extension to any other protocol. Furthermore, we investigate a general approach to prevent insider attacks and to detect compromised nodes in certain scenarios. We propose to use tamper-resistant hardware in the form of the Trusted Platform Module (TPM). For cost reasons, the TPM is integrated only in some special sensor nodes that perform special tasks such as key management, localization or time synchronization in the sensor network. These nodes are a valuable target for an adversary. To detect tampering attempts on these nodes, we propose two efficient attestation protocols. In contrast to attestation protocols proposed for "classical" networks, our protocols have a low communication and computational overhead. They do not require expensive public key operations on the verifying nodes, and the few exchanged messages are very short. In addition, compared to software-based attestation, our protocols have the advantage of enabling attestation along multiple hops, which is of great importance in sensor networks. Using our approach, it is possible to verify the trustworthiness of certain sensor nodes even in unattended or hostile environments, making them suitable to perform special tasks.